X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=udev_rules_parse.c;h=ce659d73ce8eb815d2cd3b0baad4ec7df5e47e81;hp=3afc31a0fad8b7cb35d4a11ea9dc74da61fc4f46;hb=4278ab015d76876f61821b293df07e0c3746bfd5;hpb=a7567d497333f7f845c634d477c01d90b954a570

diff --git a/udev_rules_parse.c b/udev_rules_parse.c
index 3afc31a0f..ce659d73c 100644
--- a/udev_rules_parse.c
+++ b/udev_rules_parse.c
@@ -28,6 +28,7 @@
 
 #include "udev.h"
 #include "udev_rules.h"
+#include "udev_selinux.h"
 
 
 void udev_rules_iter_init(struct udev_rules *rules)
@@ -469,6 +470,11 @@ static int add_to_rules(struct udev_rules *rules, char *line, const char *filena
 		}
 
 		if (strncasecmp(key, "TEST", sizeof("TEST")-1) == 0) {
+			if (operation != KEY_OP_MATCH &&
+			    operation != KEY_OP_NOMATCH) {
+				err("invalid TEST operation");
+				goto invalid;
+			}
 			attr = get_key_attribute(key + sizeof("TEST")-1);
 			if (attr != NULL)
 				rule->test_mode_mask = strtol(attr, NULL, 8);
@@ -740,7 +746,9 @@ int udev_rules_init(struct udev_rules *rules, int resolve_names)
 	strlcat(filename, "/"RULES_DYN_DIR, sizeof(filename));
 	if (stat(filename, &statbuf) != 0) {
 		create_path(filename);
+		selinux_setfscreatecon(filename, NULL, S_IFDIR|0755);
 		mkdir(filename, 0755);
+		selinux_resetfscreatecon();
 	}
 	add_matching_files(&dyn_list, filename, RULESFILE_SUFFIX);